Please amend the application, without prejudice, as follows: 



IN THE CLAIMS

Please cancel claims 4, 10, 16, and amend claims 1, 3, 7, 9, 13, and 15 to read as follows:

1. A method for maintaining a security profile throughout nested service invocations on a
distributed, component-based system, comprising the steps of:

(a) providing interconnections between distributed components each having nested
service invocations;

(b) identifying a user;

(c) updating the user with roles;

(d) creating a user context instance upon successful identification of the user, wherein
the user context instance includes information about the user including the roles and
a unique user identifier;

(e) receiving a request from the user to invoke a first service on a first component,
wherein the first component invokes a second service of a second component such
that the user context instance is passed as a parameter from the first component to the
second component, and wherein completion of the second service is necessary to
complete the first service;

(f) querying the user context instance for the unique user identifier;

(g) comparing the unique user identifier in the user context instance with an access
control list for verifying that the user has access to the first component; and

(h) comparing the unique user identifier in the user context instance with an access
control list for verifying that the user has access to the second service of the second
component.



3. A method as recited in claim 1, further comprising the step of modifying a user interface to
provide access to actions that can be performed by the user based on the unique user identifier and
the roles associated with the user.



7. A computer program embodied on a computer readable medium for maintaining a security
profile throughout nested service invocations on a distributed, component-based system, comprising:

(a) a code segment that provides interconnections between distributed components each
having nested service invocations;

(b) a code segment that identifies a user;

(c) a code segment that associates the user with roles;

(d) a code segment that creates a user context instance upon successful identification of
the user, wherein the user context instance includes information about the user
including the roles and a unique user identifier;

(e) a code segment that receives a request from the user to invoke a first service on a
first component, wherein the first component invokes a second service of a second
component such that the user context instance is passed as a parameter from the first
component to the second component, and wherein completion of the second service
is necessary to complete the first service;

(f) a code segment that queries the user context instance for the unique user identifier;

(g) a code segment that compares the unique user identifier in the user context instance
with an access control list for verifying that the user has access to the first
component; and

(h) a code segment that compares the unique user identifier in the user context instance
with an access control list for verifying that the user has access to the second service
of the second component.

9. A computer program as recited in claim 7, further comprising a code segment that modifies a 
user interface to provide access to actions that can be performed by the user based on the unique user 
identifier and the roles associated with the user. 

13. A system for maintaining a security profile throughout nested service invocations on a
distributed, component-based system, comprising:

(a) logic that provides interconnections between distributed components each having
service invocations;

(b) logic that identifies a user;

(c) logic that associates the user with roles;

(d) logic that creates a user context instance upon successful identification of the user,
wherein the user context instance includes information about the user including the
roles and a unique user identifier;

(e) logic that receives a request from the user to invoke a first service on a first
component, wherein the first component invokes a second service of a second
component such that the user context instance is passed as a parameter from the first
component to the second component, and wherein completion of the second service
is necessary to complete the first service;

(f) logic that queries the user context instance for the unique user identifier;

(g) logic that compares the unique user identifier in the user context instance with an
access control list for verifying that the user has access to the first component; and

(h) logic that compares the unique user identifier in the user context instance with an
access control list for verifying that the user has access to the second service of the
second component.

15. A system as recited in claim 13, further comprising logic that modifies a user interface to
provide access to actions that can be performed by the user based on the unique user identifier and
the roles associated with the user.
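
Added illustration, not part of the amendment or the application: a minimal Python sketch of the mechanism recited in steps (d) through (h), where the user context instance travels as a parameter into the nested call and each hop checks its own access control list. The component names, user identifiers and ACL contents are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (assumption): identifiers, roles and ACL entries
# are illustrative only and do not come from the claims.
USER_ROLES = {"u-1001": frozenset({"clerk"}),
              "u-1002": frozenset({"clerk", "auditor"})}
ACL = {
    "OrderComponent": {"u-1001", "u-1002"},   # first component
    "BillingComponent.charge": {"u-1002"},    # second service
}


@dataclass(frozen=True)
class UserContext:
    """Created once, only after the user has been identified."""
    user_id: str
    roles: frozenset


def identify(user_id: str) -> UserContext:
    if user_id not in USER_ROLES:
        raise PermissionError(f"unknown user {user_id}")
    return UserContext(user_id, USER_ROLES[user_id])


def check_acl(ctx: UserContext, resource: str) -> None:
    # Query the context for the unique identifier, then compare with the ACL.
    if ctx.user_id not in ACL.get(resource, set()):
        raise PermissionError(f"{ctx.user_id} denied on {resource}")


def charge(ctx: UserContext, amount: int) -> str:
    """Second service, on the second component; checks its own ACL."""
    check_acl(ctx, "BillingComponent.charge")
    return f"charged {amount} for {ctx.user_id}"


def place_order(ctx: UserContext, amount: int) -> str:
    """First service; it completes only if the nested service completes."""
    check_acl(ctx, "OrderComponent")
    receipt = charge(ctx, amount)  # same context passed on as a parameter
    return f"order placed ({receipt})"


def try_order(user_id: str, amount: int) -> str:
    try:
        return place_order(identify(user_id), amount)
    except PermissionError as exc:
        return f"denied: {exc}"
```

A user who is on the first component's list but not on the second service's list is refused at the nested hop, so the first service does not complete on that user's behalf.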